[joomla] Re: Uh oh, two extensions slammed by milw0rm

Mitch Pirtle mitch.pirtle at gmail.com
Fri Oct 24 16:16:18 EDT 2008


While we're at it:

* FWCards 3.0.11 - local file inclusion vulnerability
* ionFiles 4.4.2 - file disclosure vulnerability
* Daily Message 1.0.3 - SQL injection vulnerability
* Nice Talk - SQL injection vulnerability
* ds-syndicate - SQL injection vulnerability

Sad, most likely all are making the same 2 or 3 mistakes, but some
punk wants to pad his totals for the month.

-- Mitch

On Fri, Oct 24, 2008 at 4:12 PM, Mitch Pirtle <mitch.pirtle at gmail.com> wrote:
> Heads up folks, the following Joomla extensions have been shamed at
> milw0rm (yes, they posted exploit code too):
>
> * Archaic Binary Gallery - directory traversal vulnerability
> * Kbase - SQL injection vulnerability
>
> So if you are using either, best disable them pronto, then ask
> questions later ;-)
>
> -- Mitch
>


